Add "validation" arg in JSONSerializer

If the "validation" argument is set then when
serializing the metadata object will be validated.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>

Author: Martin Vrachev

tests/test_api.py

@@ -39,7 +39,7 @@
     Targets,
     Timestamp,
 )
-from tuf.api.serialization import DeserializationError
+from tuf.api.serialization import DeserializationError, SerializationError
 from tuf.api.serialization.json import CanonicalJSONSerializer, JSONSerializer
 
 logger = logging.getLogger(__name__)
@@ -157,6 +157,13 @@ def test_read_write_read_compare(self) -> None:
 
             os.remove(path_2)
 
+    def test_serialize_with_validate(self) -> None:
+        # Assert that by changing one required attribute validation will fail.
+        root = Metadata.from_file(f"{self.repo_dir}/metadata/root.json")
+        root.signed.version = 0
+        with self.assertRaises(SerializationError):
+            root.to_bytes(JSONSerializer(validate=True))
+
     def test_to_from_bytes(self) -> None:
         for metadata in TOP_LEVEL_ROLE_NAMES:
             path = os.path.join(self.repo_dir, "metadata", metadata + ".json")

tests/test_trusted_metadata_set.py

@@ -22,6 +22,7 @@
     Targets,
     Timestamp,
 )
+from tuf.api.serialization.json import JSONSerializer
 from tuf.ngclient._internal.trusted_metadata_set import TrustedMetadataSet
 
 logger = logging.getLogger(__name__)
@@ -49,7 +50,7 @@ def modify_metadata(
         metadata = Metadata.from_bytes(cls.metadata[rolename])
         modification_func(metadata.signed)
         metadata.sign(cls.keystore[rolename])
-        return metadata.to_bytes()
+        return metadata.to_bytes(JSONSerializer(validate=True))
 
     @classmethod
     def setUpClass(cls) -> None:

tuf/api/serialization/json.py

@@ -9,6 +9,7 @@
 """
 
 import json
+from typing import Optional
 
 from securesystemslib.formats import encode_canonical
 
@@ -44,17 +45,22 @@ def deserialize(self, raw_data: bytes) -> Metadata:
 class JSONSerializer(MetadataSerializer):
     """Provides Metadata to JSON serialize method.
 
-    Attributes:
+    Args:
         compact: A boolean indicating if the JSON bytes generated in
-                'serialize' should be compact by excluding whitespace.
+            'serialize' should be compact by excluding whitespace.
+        validate: Check that the metadata object can be deserialized again
+            without change of contents and thus find common mistakes.
+            This validation might slow down serialization significantly.
 
     """
 
-    def __init__(self, compact: bool = False):
+    def __init__(self, compact: bool = False, validate: Optional[bool] = False):
         self.compact = compact
+        self.validate = validate
 
     def serialize(self, metadata_obj: Metadata) -> bytes:
         """Serialize Metadata object into utf-8 encoded JSON bytes."""
+
         try:
             indent = None if self.compact else 1
             separators = (",", ":") if self.compact else (",", ": ")
@@ -65,6 +71,16 @@ def serialize(self, metadata_obj: Metadata) -> bytes:
                 sort_keys=True,
             ).encode("utf-8")
 
+            if self.validate:
+                try:
+                    new_md_obj = JSONDeserializer().deserialize(json_bytes)
+                    if metadata_obj != new_md_obj:
+                        raise ValueError(
+                            "Metadata changes if you serialize and deserialize."
+                        )
+                except Exception as e:
+                    raise ValueError("Metadata cannot be validated!") from e
+
         except Exception as e:
             raise SerializationError from e